NIST publishes final guidance addressing secure software taskings in cyber EO

The National Institute of Standards and Technology has released software supply chain guidance addressing various aspects of its work completed over the past year to fulfill taskings from the 2021 cyber executive order.

The guidance provides details on EO-critical software, software verification, Software Bill of Materials, “enhanced vendor risk assessments,” open source controls and vulnerability management.

NIST originally published the guidance as an appendix in the draft update NIST Special Publication 800-161, and took the material out of the final...